The-Homebrew-Cloud/dolphin
2
0
Fork 0
mirror of https://github.com/dolphin-emu/dolphin.git synced 2025-01-24 23:11:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

add example of how you can use dspspy to dump results from an entire ucode (commented out)

Browse Source 
git-svn-id: https://dolphin-emu.googlecode.com/svn/trunk@5107 8ced0084-cf51-0410-be5f-012b33b47a6e
This commit is contained in:
Shawn Hoffman 2010-02-22 01:06:11 +00:00
parent 73d575c5c2
commit 11eb1bba9b
2 changed files with 654 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

608
Source/DSPSpy/gba.txt Normal file
View File

@ -0,0 +1,608 @@
incdir "tests"
include "dsp_base.inc"
; We'll let dsp_base.inc catch exceptions
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;halt
;rti
;halt
sbset #0x06
sbclr #0x03
sbclr #0x04
sbset #0x05
lri $CR, #0x00ff
lri $WR0, #0xffff
lri $WR1, #0xffff
lri $WR2, #0xffff
lri $WR3, #0xffff
set40
m0
clr15
;step 1: context setup
call send_back_40
call 0x807e ; loop until dsp->cpu mailbox is empty
si @DMBH, #0xdcd1
si @DMBL, #0x0000 ; sendmail 0xdcd10000
si @DIRQ, #0x0001
; wait for cpu mail == 0xabbaxxxx
wait_cpu_init:
call 0x8078
lrs $AC0.L, @CMBL
cmpi $AC0.M, #0xabba
jnz wait_cpu_init
; Next mail has the mram addr of the data to fetch
set16
call 0x8078
lrs $AX0.L, @CMBL
andi $AC0.M, #0x0fff
mrr $AX0.H, $AC0.M
lri $AX1.H, #0x0000 ; DSP-dram addr
lri $AX1.L, #0x0020 ; length (32 bytes = 16 words, word 9 and 10 are addr where result should DMA'd to in main mem)
lri $IX3, #0x0000 ; there will be no ucode/iram upload
lri $AR0, #do_main ; return addr after dram upload
jmp 0x80bc ; DRAM upload !!
; $AX0.H-$AX0.L - CPU(PPC) addr = mail & 0x0fffffff
; upload data from mainmem to dsp dram and jump to 0x41 after that
; ucode addr 0x0041
do_main:
;step 2: got data from cpu, before going into BigCrazyFunction
call send_back
call BigCrazyFunction ; <<------------- main crap is here!!!!!!!!!
call 0x807e ; loop until dsp->cpu mailbox is empty
si @DMBH, #0xdcd1
si @DMBL, #0x0003 ; sendmail 0xdcd10003 (aka... calc is over, result is in main mem now)
si @DIRQ, #0x0001
set40
; wait for cpu to tell us what to do after calc'ing
wait_cpu_end:
call 0x8078
cmpi $AC0.M, #0xcdd1
jnz wait_cpu_end
lrs $AC0.M, @CMBL
cmpi $AC0.M, #0x0001
jz PrepareBootUcode ; if cpu->dsp mail was 0xcdd10001 -> 005e_PrepareBootUcode()
cmpi $AC0.M, #0x0002
jz 0x8000 ; if cpu->dsp mail was 0xcdd10002 -> dsp reset ( jmp to irom(0x8000))
; THIS IS CUSTOM CODE
cmpi $AC0.M, #0xbabe
jz end_of_test ; wait for dsp to be reset by cpu
jmp wait_cpu_end ; wait for next mail from cpu
halt
PrepareBootUcode:
set16
call 0x8078
lrs $AC0.L, @CMBL
call 0x8078
lrs $AC0.L, @CMBL
call 0x8078
lrs $AC0.L, @CMBL
call 0x8078
lr $IX1, @CMBL
andi $AC0.M, #0x0fff
mrr $IX0, $AC0.M
call 0x8078
lr $IX3, @CMBL
call 0x8078
lr $IX2, @CMBL
call 0x8078
lr $AR0, @CMBL
call 0x8078
lrs $AX0.L, @CMBL
andi $AC0.M, #0x0fff
mrr $AX0.H, $AC0.M
call 0x8078
lrs $AX1.L, @CMBL
call 0x8078
lrs $AX1.H, @CMBL
sbclr #0x05
sbclr #0x06
jmp 0x80b5 ; BootUcode()
halt
; does some crazy stuff with data at dram @0x3/0x5/0x6/0x7 with help of some values from drom :)
; result is @0x22,@0x23 and written back to main memory to dmem-0x08:dmem-0x09
BigCrazyFunction:
; {
clr $ACC0
lri $AR1, #0x0010
loopi #0x20
srri @$AR1, $AC0.M
call send_back ;3
lr $AC1.M, @0x1456
call send_back
andi $AC1.M, #0xffd0
call send_back
clrp'mv : $AX1.L, $AC1.M ; assembler doesn't like .m here
call send_back
lri $AR0, #0x0000
call send_back
lri $IX2, #0x0000
call send_back
lri $AR2, #0x001f
call send_back
lr $AC0.M, @0x15f6
call send_back
lsl $ACC0, #8
call send_back
lr $AC1.M, @0x1766
call send_back
andi $AC1.M, #0x00ff
call send_back
mrr $AX0.H, $AC1.M
call send_back
call 0x88e5
call send_back
mrr $AX0.L, $AC0.L
call send_back
clr'mv $ACC0 : $AX1.H, $AC0.M ; assembler doesn't like .m here
call send_back
lrri $AC0.M, @$AR0
call send_back
lsr $ACC0, #-8
call send_back
mrr $AC1.M, $AC0.L
call send_back
mrr $AX0.H, $AC0.M
call send_back
call 0x8809
call send_back
call 0x8723
call send_back
dar $AR2
call send_back
clr'dr $ACC0 : $AR2
call send_back
lr $AC0.M, @0x166c
call send_back
lsl $ACC0, #4
call send_back
andi $AC0.M, #0xff00
call send_back
lr $AC1.M, @0x1231
call send_back
lsr $ACC1, #-8
call send_back
andi $AC1.M, #0x00ff
call send_back
mrr $AX0.H, $AC1.M
call send_back
call 0x88e5
call send_back
mrr $AX0.L, $AC0.L
call send_back
clr'mv $ACC0 : $AX1.H, $AC0.M ; assembler doesn't like .m here
call send_back
lrri $AC0.M, @$AR0
call send_back
lsr $ACC0, #-8
call send_back
mrr $AC1.M, $AC0.L
call send_back
mrr $AX0.H, $AC0.M
call send_back
call 0x8809
call send_back
call 0x8723
call send_back
clr $ACC0
call send_back
clr $ACC1
call send_back
lr $AC1.H, @0x0005
call send_back
asr16 $ACC1
call send_back
cmp
call send_back ;46
jz Unk_00e5
call send_back ;47
jl Unk_00f3
call send_back ;48
; if ( > ) {
; length 12
lri $AR2, #0x0010
call send_back
lri $IX2, #0x0001
call send_back
lr $AC0.H, @0x171b
call send_back
asr16 $ACC0
call send_back
neg $ACC1
call send_back
add $ACC1, $ACC0
call send_back
lsl $ACC1, #1
call send_back
mrr $AX0.H, $AC1.M
call send_back
lr $AC1.M, @0x0003
call send_back
lsl $ACC1, #4
call send_back
call 0x8809
call send_back
jmp Unk_0102
call send_back ;60
; } else if ( == 0) {
; length 8
Unk_00e5:
lri $AR2, #0x0011
call send_back
lr $AC1.M, @0x0003
call send_back
lsl $ACC1, #1
call send_back
mrr $AX0.H, $AC1.M
call send_back
lr $AC0.M, @0x1043
call send_back
andi $AC0.M, #0xfff0
call send_back
call 0x88e5
call send_back ;53
jmp Unk_0102
; } else if ( < ) {
; length 10
Unk_00f3:
lri $AR2, #0x0010
call send_back
lri $IX2, #0x0001
call send_back
lr $AC0.H, @0x1285
call send_back
asr16 $ACC0
call send_back
add $ACC1, $ACC0
call send_back
lsl $ACC1, #1
call send_back
lr $AC0.M, @0x0003
call send_back
lsl $ACC0, #4
call send_back
mrr $AX0.H, $AC0.M
call send_back
call 0x8809
call send_back ;57
; }
Unk_0102:
lri $AR3, #0x0013
call send_back ; either step 60, 53, 57
srri @$AR3, $AC0.M
call send_back
clr's $ACC1 : @$AR3, $AC0.L
call send_back
lri $AR3, #0x0013
call send_back
lr $AC1.M, @0x0007
call send_back
lr $AC0.M, @0x11b8
call send_back
andi $AC0.M, #0xfff0 ;66
call send_back
mrr $AX0.H, $AC0.M
call send_back
;call 0x81f4
mulxac'mv $AX0.H, $AX1.L, $ACC1 : $AX1.H, $AC0.M
call send_back
asr16'ir $ACC1 : $AR1
call send_back ;66
srri @$AR3, $AC1.M
call send_back
clr's $ACC0 : @$AR3, $AC1.L
call send_back
lsl16 $ACC1
call send_back
;call 0x8458 ;66
mulxac'mv $AX0.H, $AX1.L, $ACC1 : $AX1.H, $AC0.M
call send_back
asr16 $ACC1
call send_back
srri @$AR3, $AC1.M
call send_back
clr's $ACC0 : @$AR3, $AC1.L
call send_back
call send_back
set40
call send_back_40
lri $AR2, #0x0015
call send_back_40
lr $AC0.M, @0x0006
call send_back_40
lr $AX0.H, @0x165b
call send_back_40
call 0x88e5
call send_back_40
asr $ACC0, #-3
call send_back_40
lsl $ACC0, #3
call send_back_40
srri @$AR2, $AC0.M
call send_back_40
srri @$AR2, $AC0.L
call send_back_40
lri $AR2, #0x0016
call send_back_40
lr $AC0.M, @0x1723
call send_back_40
asr $ACC0, #-12
call send_back_40
lr $AX0.H, @0x166b
call send_back_40
call 0x88e5
call send_back_40
tst $ACC0
call send_back_40
jge Unk_012e
call send_back_40
clr $ACC0
call send_back_40
Unk_012e:
asr $ACC0, #-3
call send_back_40
set16
;step 4
call send_back
lr $AC1.M, @0x1491
call send_back
andi $AC1.M, #0xd0f0
call send_back
mrr $IX1, $AC1.M
call send_back
lr $AC1.M, @0x1468
call send_back
lr $AC1.H, @0x11fc
call send_back
lsr $ACC1, #-4
call send_back
mrr $IX2, $AC1.M
call send_back
lr $AC1.H, @0x11b8
call send_back
asr16 $ACC1
call send_back
lsl $ACC0, #24
call send_back
lsr $ACC0, #-8
call send_back
mrr $AX0.H, $AC0.M
call send_back
mrr $AC1.M, $AC0.M
call send_back
mrr $AX1.H, $IX1
call send_back
andr $AC0.M, $AX1.H
call send_back
lsl $ACC0, #2
call send_back
mrr $AX1.H, $IX2
call send_back
andr $AC1.M, $AX1.H
call send_back
lsl $ACC1, #1
call send_back
add $ACC0, $ACC1
call send_back
lsl $ACC1, #24
call send_back
asr16 $ACC1
call send_back
andr $AC1.M, $AX0.H
call send_back
add $ACC0, $ACC1
call send_back
lr $AC1.M, @0x0012
call send_back
orc $AC1.M, $AC0.M
call send_back
sr @0x0012, $AC1.M
call send_back
lsr $ACC0, #-16
call send_back
lr $AC1.M, @0x0011
call send_back
orc $AC1.M, $AC0.M
call send_back
sr @0x0011, $AC1.M
call send_back
mrr $AC1.L, $IX1
call send_back
lsl $ACC1, #1
call send_back
mrr $AC1.M, $IX2
call send_back
lsl16 $ACC1
call send_back
asr $ACC1, #-8
call send_back
lsr16 $ACC1
call send_back
mrr $AX0.H, $AC1.M
call send_back
mrr $AX1.H, $AC1.L
call send_back
clr $ACC0
call send_back
lr $AC0.M, @0x0011
call send_back
andr $AC0.M, $AX0.H
call send_back
clr $ACC1
call send_back
lr $AC1.M, @0x0012
call send_back
andr $AC1.M, $AX0.H
call send_back
add $ACC0, $ACC1
call send_back
lr $AC1.M, @0x0012
call send_back
lsr $ACC1, #-8
call send_back
add $ACC0, $ACC1
call send_back
call send_back
clr $ACC1
call send_back
mrr $AC1.M, $AC0.M
call send_back
lsl $ACC1, #8
call send_back
orr $AC1.M, $AX1.H
call send_back
lr $AC0.M, @0x0011
call send_back
orc $AC0.M, $AC1.M
call send_back
lr $AC1.M, @0x0012
call send_back
orr $AC1.M, $AX1.H
call send_back
mrr $IX1, $AC1.M
call send_back
lr $AX0.H, @0x15f1
call send_back
andr $AC1.M, $AX0.H
call send_back
jz else_0192
call send_back
; if () {
lr $AC1.M, @0x10e2
call send_back
lsl $ACC1, #8
call send_back
mrr $AX0.H, $AC1.M
call send_back
lr $AC1.M, @0x103b
call send_back
decm $AC1.M
call send_back
orr $AC1.M, $AX0.H
call send_back
xorc $AC0.M, $AC1.M
call send_back
sr @0x0022, $AC0.M
call send_back
lr $AC0.L, @0x1229
call send_back
lr $AC1.L, @0x11f8
call send_back
sub $ACC0, $ACC1
call send_back
lsl16 $ACC0
call send_back
mrr $AC1.M, $IX1
call send_back
xorc $AC0.M, $AC1.M
call send_back
jmp Unk_01a5
call send_back
; } else {
else_0192:
lr $AC1.M, @0x10ca
call send_back
lsl $ACC1, #8
call send_back
mrr $AX0.H, $AC1.M
call send_back
lr $AC1.M, @0x1043
call send_back
incm $AC1.M
call send_back
orr $AC1.M, $AX0.H
call send_back
xorc $AC0.M, $AC1.M
call send_back
sr @0x0022, $AC0.M
call send_back
lr $AC0.L, @0x1259
call send_back
lr $AC1.L, @0x16fe
call send_back
add $ACC0, $ACC1
call send_back
lsl16 $ACC0
call send_back
mrr $AC1.M, $IX1
call send_back
xorc $AC0.M, $AC1.M
call send_back
; }
Unk_01a5:
; this is where result is written to main memory
; dsp mem 0x20-0x23 (8 bytes) are written back (DMA limitation),
; but only values @22 and @23 were modified (result is 32bit)
sr @0x0023, $AC0.M
call send_back
lr $AX0.H, @0x0008 ; cpu addr high
call send_back
lr $AX0.L, @0x0009 ; cpu addr low
call send_back
lri $AX1.H, #0x0020 ; dsp addr
call send_back
lri $AX1.L, #0x0008 ; length
call send_back
lri $IX3, #0x0000 ; there will be no iram dma
call send_back
call 0x808b ; dram->cpu <<<--- important!!
call send_back
ret
; }
; Free some space for the TROJAN CODEZ
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;nop
;nop

46
Source/DSPSpy/main_spy.cpp
View File

@ -104,6 +104,27 @@ u16 dspreg_in[32] = {
u16 dspreg_out[1000][32]; u16 dspreg_out[1000][32];
/*
// gba ucode dmas result here
u32 SecParams_out[2] __attribute__ ((aligned (0x20))) = {
0x11223344, // key
0x55667788 // bootinfo
};
// ripped from demo
u32 SecParams_in[8] __attribute__ ((aligned (0x20))) = {
0xDB967E0F, // key from gba
0x00000002,
0x00000002,
0x00001078,
(u32)SecParams_out, //0x80075060, // ptr to receiving buffer
// padding?
0x00000000,
0x00000000,
0x00000000
};
*/
// UI (interactive register editing) // UI (interactive register editing)
u32 ui_mode; u32 ui_mode;
@ -370,6 +391,8 @@ void handle_dsp_mail(void)
real_dsp.SendMailTo(0x8000dead); real_dsp.SendMailTo(0x8000dead);
while (real_dsp.CheckMailTo()); while (real_dsp.CheckMailTo());
} }
// ROM dumping mails
else if (mail == 0x8888c0de) else if (mail == 0x8888c0de)
{ {
// DSP has copied irom to its dram...send address so it can dma it back // DSP has copied irom to its dram...send address so it can dma it back
@ -388,6 +411,29 @@ void handle_dsp_mail(void)
DumpDSP_ROMs(dspbufP, &dspbufP[0x1000]); DumpDSP_ROMs(dspbufP, &dspbufP[0x1000]);
} }
// SDK status mails
/*
// GBA ucode
else if (mail == 0xdcd10000) // DSP_INIT
{
real_dsp.SendMailTo(0xabba0000);
while (real_dsp.CheckMailTo());
DCFlushRange(SecParams_in, sizeof(SecParams_in));
CON_PrintRow(4, 25, "SecParams_out = %x", SecParams_in[4]);
real_dsp.SendMailTo((u32)SecParams_in);
while (real_dsp.CheckMailTo());
}
else if (mail == 0xdcd10003) // DSP_DONE
{
real_dsp.SendMailTo(0xcdd1babe); // custom mail to tell dsp to halt (calls end_of_test)
while (real_dsp.CheckMailTo());
DCInvalidateRange(SecParams_out, sizeof(SecParams_out));
CON_PrintRow(4, 26, "SecParams_out: %08x %08x",
SecParams_out[0], SecParams_out[1]);
}
*/
CON_PrintRow(2, 1, "UCode: %d/%d %s, Last mail: %08x", CON_PrintRow(2, 1, "UCode: %d/%d %s, Last mail: %08x",
curUcode + 1, NUM_UCODES, UCODE_NAMES[curUcode], mail); curUcode + 1, NUM_UCODES, UCODE_NAMES[curUcode], mail);
} }